NVD

Id
45791  
Name
CVE-2012-4399  
Description
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2012-10-09  
Modified Date
2013-07-30  
Seq
2012-4399  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
229812 45791 CVE-2012-4399 http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1  View
229813 45791 CVE-2012-4399 20120716 CakePHP 2.x-2.2.0-RC2 XXE Injection  View
229814 45791 CVE-2012-4399 19863  View
229815 45791 CVE-2012-4399 [oss-security] 20120903 CVE-request: CakePHP XXE injection  View
229816 45791 CVE-2012-4399 [oss-security] 20120903 Re: CVE-request: CakePHP XXE injection  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
29174 JVNDB-2012-004881 CakePHP の XML クラスにおける任意のファイルを読まれる脆弱性 CakePHP の XML クラスには、任意のファイルを読まれる脆弱性が存在します。 CVE-2012-4399 57637 CVE-2012-4399 45791 5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004881.html 2012-07-14 2012-10-12 View